General

  • Target

    PO.exe

  • Size

    1.3MB

  • Sample

    230725-mwpnbacb69

  • MD5

    456b73d6317cb5a57fe14e89f9b96408

  • SHA1

    149cc1cd047994354c0188e8e3ed8369376a8efe

  • SHA256

    f0de5714ce83c1b278f1426a198450e9ee1a94fdaefd77d502ec9c010cc43450

  • SHA512

    93893d0b766c39fe7da8dd6cd5f0c2b4e3afac8f29d4b37299bb8efa04e36ef1c5b1aaad7d81e10166bcb8fdd7d485c8944abba99993d0a5be1ce979fc0d3a31

  • SSDEEP

    24576:ranliXrYoAUdjb+CWzRPs71onMd5RhxnxhMHwMdo:elarYJUdvjiJlMdTD3MQ
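The hashes above are the report's IoCs for this sample. The following script is an added example (not part of the sandbox report or the DarkCloud analysis) that checks a local file against those IoCs and pre-filters SSDEEP comparisons by block size. It uses only the Python standard library; the helper names, the constructed test bytes and the sample `check_file` wrapper are this example's own assumptions.

```python
"""Added example, not part of the sandbox report: match a file against the
hash IoCs listed for sample 230725-mwpnbacb69 (PO.exe) and check whether two
ssdeep signatures are even comparable before calling the real ssdeep library."""
import hashlib

# IoC values copied from the report above.
REPORT_IOCS = {
    "md5": "456b73d6317cb5a57fe14e89f9b96408",
    "sha1": "149cc1cd047994354c0188e8e3ed8369376a8efe",
    "sha256": "f0de5714ce83c1b278f1426a198450e9ee1a94fdaefd77d502ec9c010cc43450",
    "sha512": "93893d0b766c39fe7da8dd6cd5f0c2b4e3afac8f29d4b37299bb8efa04e36ef1c5b1aaad7d81e10166bcb8fdd7d485c8944abba99993d0a5be1ce979fc0d3a31",
}
REPORT_SSDEEP = "24576:ranliXrYoAUdjb+CWzRPs71onMd5RhxnxhMHwMdo:elarYJUdvjiJlMdTD3MQ"


def hash_bytes(data: bytes) -> dict:
    """Compute every digest type the report lists in one pass over the data."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def match_iocs(data: bytes, iocs: dict = REPORT_IOCS) -> list:
    """Return the algorithm names whose digest of `data` equals the IoC value.

    Comparison is case-insensitive because threat feeds mix upper- and
    lower-case hex; hashlib always emits lower-case."""
    digests = hash_bytes(data)
    return [alg for alg, val in iocs.items()
            if alg in digests and digests[alg] == val.strip().lower()]


def parse_ssdeep(sig: str) -> tuple:
    """Split an ssdeep signature into (blocksize, chunk, double_chunk).

    Raises ValueError on malformed input instead of silently mis-parsing."""
    parts = sig.strip().split(":")
    if len(parts) != 3 or not parts[0].isdigit():
        raise ValueError("not an ssdeep signature: %r" % sig)
    return int(parts[0]), parts[1], parts[2]


def ssdeep_comparable(a: str, b: str) -> bool:
    """ssdeep only yields a meaningful score when the two block sizes are equal
    or differ by exactly a factor of two (the second chunk is computed at twice
    the block size). Use this as a cheap pre-filter before fuzzy matching."""
    ba, _, _ = parse_ssdeep(a)
    bb, _, _ = parse_ssdeep(b)
    return ba == bb or ba == 2 * bb or bb == 2 * ba


def check_file(path: str) -> dict:
    """Hash a file on disk and report which IoCs it matches (hypothetical wrapper)."""
    with open(path, "rb") as f:
        data = f.read()
    return {"size": len(data), "matches": match_iocs(data),
            "digests": hash_bytes(data)}


if __name__ == "__main__":
    import sys
    # Usage: python check_iocs.py <suspect file>
    result = check_file(sys.argv[1])
    print("size:", result["size"], "bytes")
    print("matching IoCs:", result["matches"] or "none")
```

A file that matches any one of the four digests is the exact sample; SSDEEP is the only value here that can flag a repacked or slightly modified build, and `ssdeep_comparable` tells you when a comparison against the report's signature is worth running at all.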

Score
10/10

Malware Config

Extracted

Family

darkcloud

Attributes

Targets

    • DarkCloud

      An information stealer written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check. A geofenced sample may refuse to run when the host or sandbox locale falls in an excluded region, so a clean detonation under one locale does not clear it.

    • Suspicious use of SetThreadContext

      Commonly seen when a payload is written into a suspended process and its thread context is rewritten to redirect execution (process hollowing / RunPE style injection).

MITRE ATT&CK Enterprise v15

Tasks